The vulnerability of the microprogrammed Wi-Fi router STATION L-02F, related to deficiencies in access control, allows a hacker to gain access to the device with administrator privileges and execute arbitrary commands.

The vulnerability of the microprogrammed Wi-Fi router STATION L-02F is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain access to the device with administrator privileges and execute arbitrary commands...

IBM Security Identity Manager Virtual Appliance Arbitrary Command Execution Vulnerability (CNVD-2017-33517)

IBM Security Identity Manager ISIM is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...

Authentication flaw

A Missing Authentication for Critical Function issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 or prior, and InTouch Machine Edition v8.0 SP2 or prior. InduSoft Web Studio provides the capability for an HMI client to trigger script execution on the server for the purposes ...

CVE-2017-14867

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...

UBUNTU-CVE-2017-14867

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...

HPE System Management Homepage Arbitrary Command Execution Vulnerability

HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...

HPE System Management Homepage Arbitrary Command Execution Vulnerability (CNVD-2017-33361)

HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...

SaltStack Salt Arbitrary Command Execution Vulnerability

SaltStack Salt a.k.a. SaltStack is an open source set of tools for managing infrastructure from the American company SaltStack. A security vulnerability exists in the Salt-api in SaltStack Salt. An attacker can exploit this vulnerability to execute arbitrary commands with the help of sshclient in...

HPE System Management Homepage Arbitrary Command Execution Vulnerability (CNVD-2017-33362)

HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...

HPE System Management Homepage Arbitrary Command Execution Vulnerability (CNVD-2017-33367)

HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled...

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

UBUNTU-CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient. Users of Salt-API and salt-ssh could execute a command on the salt master via a hole when both systems were enabled...

PYSEC-2017-39

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

CVE-2017-5200

CVE-2017-5200 affects SaltStack Salt’s Salt-api via ssh_client, enabling arbitrary command execution on the salt-master. Affected versions include Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2. Mitigation: apply the fixed releases (e.g., Salt 2015.8.13, 2016.3.5,...

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient...

CVE-2017-5200

Removed by vendor...

DEBIAN-CVE-2015-5704

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands...